shib-rack 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ee8836c8686e810b738093267b1e87d260e7110b
-  data.tar.gz: 8ecab14fcabfcfffa8fe4db416d62614c391f82d
+SHA256:
+  metadata.gz: 78fa3a4ee12fc6f8e41592474540ce68b901ef3f029aecbd0570f45875281559
+  data.tar.gz: 3758a8bc22d11331862fa010d697a5baca2a7eb2b5f67e50bc7e6e5f5f4b7ca9
 SHA512:
-  metadata.gz: cf42df46df9c220c4cd8ebd2fa2229deaf7ad01103f427128554db3849579c3bfcdbb445a11997aa383c2687fcabb6fd2514610d70af0db8178bcb464e4d0d5b
-  data.tar.gz: 23ed96de7c8a8acb9b2d8a8bc9d5c178b78a1e18b4f8d2334afb2bb92de0a67020bc2d0fc058ff45181e7151ec4f4b70a837e229f3814bc473966df3cf40046c
+  metadata.gz: eb56619f465b8ef03c7e96aef94dd1ee66dd408f5452bf6c07df966faecf128553e0ed6ad329a2223ef0f8c21742681c769cd112cea44883a57e1ee1c193f707
+  data.tar.gz: 29c1a07bd0cc488e958fea28749f413a70781a7434085df7edcade942b2c5be2734129e077ed309f880039d979fd9a26fc8f3f871f1c1689eac25ba9d1d688d3

data/.github/workflows/.test.yaml

@@ -0,0 +1,20 @@
+name: Run RSpec tests
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
+
+      - name: Install dependencies
+        run: bundle install
+
+      - name: Run RSpec
+        run: bundle exec rspec

data/.rubocop.yml

@@ -3,8 +3,9 @@ inherit_gem:
 
 AllCops:
   TargetRailsVersion: 4.0
+  TargetRubyVersion: 2.4.2
 
-Style/FileName:
+Naming/FileName:
   Exclude:
     - lib/shib-rack.rb
 

data/.ruby-version

@@ -0,0 +1 @@
+3.3.6

data/Makefile

@@ -0,0 +1,4 @@
+publish-gem:
+	gem build shib-rack.gemspec
+	gem push shib-rack-*.gem
+	rm shib-rack-*.gem

data/README.md

@@ -1,44 +1,15 @@
 # ShibRack
 
 [![Gem Version][GV img]][Gem Version]
-[![Build Status][BS img]][Build Status]
-[![Dependency Status][DS img]][Dependency Status]
-[![Code Climate][CC img]][Code Climate]
-[![Coverage Status][CS img]][Code Climate]
 
 [Gem Version]: https://rubygems.org/gems/shib-rack
-[Build Status]: https://codeship.com/projects/145971
-[Dependency Status]: https://gemnasium.com/ausaccessfed/shib-rack
-[Code Climate]: https://codeclimate.com/github/ausaccessfed/shib-rack
 
 [GV img]: https://img.shields.io/gem/v/shib-rack.svg
-[BS img]: https://img.shields.io/codeship/5cdcef80-e343-0133-84a6-5a988fa7d930/develop.svg
-[DS img]: https://img.shields.io/gemnasium/ausaccessfed/shib-rack.svg
-[CC img]: https://img.shields.io/codeclimate/github/ausaccessfed/shib-rack.svg
-[CS img]: https://img.shields.io/codeclimate/coverage/github/ausaccessfed/shib-rack.svg
 
 [Shibboleth SP](http://shibboleth.net) authentication plugin for Rack-based web
 applications. Contains Rails-specific extensions for consumption by Rails
 applications.
 
-Author: Shaun Mangelsdorf
-
-```
-Copyright 2016, Australian Access Federation
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-```
-
 ## Installation
 
 Add the `shib-rack` dependency to your application's `Gemfile`:
@@ -53,19 +24,168 @@ Use Bundler to install the dependency:
 bundle install
 ```
 
-TBC
+Then create a Receiver class which will receive the session attributes. In development mode, `shib-rack` uses a development handler to provide example identities that you can use.
+
+Optionally, you can also setup an error handler class.
+
+You will need to customise this to suit your usage. Below is an example using only a limited number of attributes.
+
+```ruby
+# frozen_string_literal: true
+# Extends the Authentication Module from Shib-Rack
+module Authentication
+  # Custom SubjectReceiver Class
+  class SubjectReceiver
+    include ShibRack::DefaultReceiver
+    include ShibRack::AttributeMapping
+
+    map_single_value shared_token:           'HTTP_AUEDUPERSONSHAREDTOKEN',
+                     targeted_id:            'HTTP_TARGETED_ID',
+                     principal_name:         'HTTP_PRINCIPALNAME'
+
+    def subject(_env, attrs)
+      Subject.transaction do
+        identifier = attrs.slice(:targeted_id)
+        subject = Subject.find_or_initialize_by(identifier)
+
+        subject.update!(attrs)
+        subject
+      end
+    end
+
+    def finish(_env)
+      redirect_to('/dashboard')
+    end
+  end
+end
+```
+
+### Multiple attributes
+
+Some attributes are multi-valued, such as `affiliation` and `scoped_affiliation`.
+
+You can use the `map_multi_value` method for these attributes, but you will need to consider how to store them in your app. In the example below, a separate model has been used for `affiliations`.
+
+Multi-value attributes (as with other attributes) are appended to your HTTP headers after authentication occurs. Multi-value attributes are stored in your header as a single string with each value delimited by a `;`. This method splits the string into a ruby array based on this delimiting character.
+
+```ruby
+# frozen_string_literal: true
+# Extends the Authentication Module from Shib-Rack
+module Authentication
+  # Custom SubjectReceiver Class
+  class SubjectReceiver
+    include ShibRack::DefaultReceiver
+    include ShibRack::AttributeMapping
 
-### Integrating with a Rack application
+    map_single_value shared_token:           'HTTP_AUEDUPERSONSHAREDTOKEN',
+                     targeted_id:            'HTTP_TARGETED_ID',
+                     principal_name:         'HTTP_PRINCIPALNAME'
 
-TBD
+    map_multi_value  affiliation:            'HTTP_EDUPERSONAFFILIATION'
+
+    def subject(_env, attrs)
+      Subject.transaction do
+        identifier = attrs.slice(:targeted_id)
+        subject = Subject.find_or_initialize_by(identifier)
+
+        subject.update!(attrs.except(:affiliation))
+        update_affiliations(subject, attrs)
+
+        subject
+      end
+    end
+
+    def finish(_env)
+      redirect_to('/dashboard')
+    end
+
+    def update_affiliations(subject, attrs)
+      touched = []
+
+      attrs[:affiliation].each do |value|
+        touched << subject.affiliations.find_or_create_by!(value: value)
+      end
+
+      subject.affiliations.where.not(id: touched.map(&:id)).destroy_all
+    end
+  end
+end
+```
 
 ### Integrating with a Rails application
 
-TBD
+Map the `ShibRack::Engine` app to a path in your application. It is strongly recommended that you use the default path of `/auth`. In `config/routes.rb`
+
+```ruby
+Rails.application.routes.draw do
+  mount ShibRack::Engine => '/auth'
+end
+```
+
+Configure the receiver, and optional error handler in `config/application.rb`
+
+```ruby
+module MyApp
+  class Application < Rails::Application
+    # ...
+    config.autoload_paths << Rails.root.join('lib')
+    config.shib_rack.receiver = 'Authentication::SubjectReceiver'
+    config.shib_rack.error_handler = 'Authentication::ErrorHandler'
+  end
+end
+```
+
+Ensure the gem runs in development mode in `config/development.rb`
+
+```ruby
+config.shib_rack.development_mode = true
+```
+
+And likewise ensure the gem runs in test mode in `config/test.rb`
+
+```ruby
+config.shib_rack.test_mode = true
+```
 
 ### Using with Capybara-style tests
 
-TBD
+Ensure that you have configured the gem to run in test mode in `config/test.rb` (See above)
+
+Once this has been setup, you can create a capybara-style test. See the example below which tests the login process using the test handler. This is an example only, and will vary based on your app implementation.
+
+```ruby
+# frozen_string_literal: true
+require 'rails_helper'
+
+RSpec.feature 'Authentication Flow', type: :feature do
+  let(:idp_domain) { Faker::Internet.domain_name }
+  let(:idp) { "https://idp.#{idp_domain}/idp/shibboleth" }
+  let(:sp) { "https://sp.#{Faker::Internet.domain_name}/shibboleth" }
+  let(:name) { Faker::Name.name }
+
+  let(:attrs) do
+    {
+      'HTTP_AUEDUPERSONSHAREDTOKEN'     => SecureRandom.urlsafe_base64(20),
+      'HTTP_TARGETED_ID'                => "#{idp}!#{sp}!#{SecureRandom.uuid}",
+      'HTTP_PRINCIPALNAME'              => "#{name}@#{idp_domain}",
+      'HTTP_EDUPERSONAFFILIATION'       => 'staff;member'
+    }
+  end
+
+  before do
+    ShibRack::TestHandler.attributes = attrs
+    visit '/auth/login'
+  end
+
+  it 'User is redirected to dashboard with details displayed on initial login' do
+    expect(current_path).to eq('/dashboard')
+    expect(page).to have_content("You're logged in. Here are your details")
+    expect(page).to have_content(name)
+    expect(page).to have_content(idp_domain)
+    # Further checks for other attributes can be added here
+  end
+end
+```
 
 ## Contributing
 

data/lib/shib_rack/attribute_mapping.rb

@@ -23,6 +23,7 @@ module ShibRack
 
       def add_attribute_mapping(attr, mapper)
         raise "Conflicting mapping for `#{attr}`" if attribute_mappings[attr]
+
         attribute_mappings[attr] = mapper
       end
 

data/lib/shib_rack/default_receiver.rb

@@ -22,7 +22,7 @@ module ShibRack
     end
 
     def redirect_to(url)
-      [302, { 'Location' => url }, []]
+      [302, { 'location' => url }, []]
     end
 
     def logout(env)

data/lib/shib_rack/development_handler.rb

@@ -8,19 +8,23 @@ module ShibRack
   # sample identities for local testing.
   class DevelopmentHandler < Handler
     class <<self
-      attr_writer :identities
+      attr_writer :identities, :login_redirect
 
       def identities
         @identities ||= load_identities
       end
 
+      def login_redirect(env)
+        @login_redirect ||= "#{env['SCRIPT_NAME']}/development"
+      end
+
       def resolve_identity(shared_token)
         identities.find { |i| i['HTTP_AUEDUPERSONSHAREDTOKEN'] == shared_token }
       end
 
       def load_identities
         require 'yaml'
-        yaml = File.read(File.expand_path('../identities.yml', __FILE__))
+        yaml = File.read(File.expand_path('identities.yml', __dir__))
 
         YAML.safe_load(yaml)['identities'].map do |identity|
           identity.reduce({}) { |a, (k, v)| a.merge("HTTP_#{k.upcase}" => v) }
@@ -52,7 +56,7 @@ module ShibRack
       end
 
       env['rack.session']['original_params'] = params
-      [302, { 'Location' => "#{env['SCRIPT_NAME']}/development" }, []]
+      [302, { 'location' => DevelopmentHandler.login_redirect(env) }, []]
     end
 
     def restore_original_query(env)
@@ -66,13 +70,13 @@ module ShibRack
     def development
       [
         200,
-        { 'Content-Type' => 'text/html; charset=utf-8' },
+        { 'content-type' => 'text/html; charset=utf-8' },
         [development_html]
       ]
     end
 
     def development_html
-      <<~EOF
+      <<~HTML
         <!doctype html>
         <html>
           <head><title>Development Login</title></head>
@@ -81,7 +85,7 @@ module ShibRack
             #{identities_html}
           </body>
         </html>
-      EOF
+      HTML
     end
 
     def identities_html
@@ -89,7 +93,7 @@ module ShibRack
     end
 
     def identity_html(identity)
-      <<~EOF
+      <<~HTML
         <form method="get" action="login">
           <hr/>
           <pre>#{JSON.pretty_generate(identity)}</pre>
@@ -97,7 +101,7 @@ module ShibRack
                  value="#{identity['HTTP_AUEDUPERSONSHAREDTOKEN']}"/>
           <button type="submit">Log In</button>
         </form>
-      EOF
+      HTML
     end
   end
 end

data/lib/shib_rack/engine.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'ostruct'
+
 module ShibRack
   # Provides integration of shib-rack into Rails applications
   class Engine < Rails::Engine
@@ -20,6 +22,7 @@ module ShibRack
     def handler
       return 'ShibRack::DevelopmentHandler' if configuration[:development_mode]
       return 'ShibRack::TestHandler' if configuration[:test_mode]
+
       'ShibRack::Handler'
     end
   end

data/lib/shib_rack/handler.rb

@@ -5,7 +5,6 @@ module ShibRack
   # Shibboleth SP.
   class Handler
     attr_reader :error_handler
-    private :error_handler
 
     def initialize(opts)
       @receiver = constantize(opts[:receiver])
@@ -15,12 +14,13 @@ module ShibRack
     def call(env)
       return login(env) if env['PATH_INFO'] == '/login'
       return logout(env) if env['PATH_INFO'] == '/logout'
+
       [404, {}, ["Not found: #{env['PATH_INFO']}"]]
     end
 
     def handle(_env, _exception)
       [
-        400, { 'Content-Type' => 'text/plain' }, [
+        400, { 'content-type' => 'text/plain' }, [
           'Sorry, your attempt to log in to this service was not successful. ',
           'Please contact the service owner for assistance, and include the ',
           'link you used to access this service.'
@@ -32,7 +32,7 @@ module ShibRack
 
     def login(env)
       receiver.receive(env)
-    rescue => e
+    rescue StandardError => e
       error_handler.handle(env, e)
     end
 
@@ -42,6 +42,7 @@ module ShibRack
 
     def constantize(klass_name)
       return nil if klass_name.nil?
+
       klass_name.split('::').reduce(Kernel) { |acc, elem| acc.const_get(elem) }
     end
 

data/lib/shib_rack/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShibRack
-  VERSION = '0.3.0'
+  VERSION = '0.5.0'
 end

data/shib-rack.gemspec

@@ -1,7 +1,6 @@
-# coding: utf-8
 # frozen_string_literal: true
 
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'shib_rack/version'
 
@@ -19,21 +18,22 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'rack'
+  spec.add_dependency 'ostruct'
 
   spec.add_development_dependency 'aaf-gumboot'
 
-  spec.add_development_dependency 'rack-test'
   spec.add_development_dependency 'faker'
-  spec.add_development_dependency 'rails', '~> 4.2'
+  spec.add_development_dependency 'rack-test'
+  spec.add_development_dependency 'rails'
   spec.add_development_dependency 'sqlite3'
 
-  spec.add_development_dependency 'bundler', '~> 1.11'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
 
   spec.add_development_dependency 'guard'
   spec.add_development_dependency 'guard-bundler'
-  spec.add_development_dependency 'guard-rubocop'
   spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'guard-rubocop'
   spec.add_development_dependency 'simplecov'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shib-rack
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Shaun Mangelsdorf
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-07-26 00:00:00.000000000 Z
+date: 2024-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: aaf-gumboot
   requirement: !ruby/object:Gem::Requirement
@@ -39,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rack-test
+  name: faker
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: faker
+  name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -70,16 +84,16 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -98,44 +112,44 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: guard
   requirement: !ruby/object:Gem::Requirement
@@ -165,7 +179,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: guard-rubocop
+  name: guard-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -179,7 +193,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: guard-rspec
+  name: guard-rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -206,20 +220,23 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
 - s.mangelsdorf@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/.test.yaml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".ruby-version"
 - ".simplecov"
 - Gemfile
 - Guardfile
 - LICENSE
+- Makefile
 - README.md
 - Rakefile
 - bin/setup
@@ -238,7 +255,7 @@ files:
 homepage: https://github.com/ausaccessfed/shib-rack.git
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -253,9 +270,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.12
-signing_key: 
+rubygems_version: 3.5.22
+signing_key:
 specification_version: 4
 summary: Rack middleware for Shibboleth SP authentication
 test_files: []